Back to listing
David Thaw

David Thaw

Assistant Professor of Law and Information Sciences

David Thaw is an Assistant Professor at the University of Pittsburgh.  He holds appointments in the Schools of Law, Computing and Information, and Public and International Affairs.  David is an internationally-recognized expert in law and technology. His research and scholarship examine issues of cybersecurity regulation, cybercrime, cyber warfare, and related questions of privacy and cyberlaw.  In addition to his cyber work, Professor Thaw is also a scholar of administrative and criminal law.

David teaches several cyber-related courses, including courses on cybersecurity law and on cybercrime.  He also teaches administrative law, criminal law, criminal procedure, and constitutional law.

Professor Thaw's legal scholarship has appeared in venues including the Washington Law Review, Connecticut Law Review, the Journal of Criminal Law and Criminology and the Yale Law Journal Online.  His cybersecurity instructional text, Cybersecurity: An Interdisciplinary Problem (with Gus Hurwitz and Derek Bambauer) is under contract with West Academic Publishing.

Comprehensive information regarding Professor Thaw's scholarship, technical research, teaching and other activities are available on his website at

PhD, University of California, Berkeley
JD, Berkeley Law
MA Political Science, University of California Berkeley
BA, University of Maryland, College Park
BS, University of Maryland, College Park


  • Data Breach (Regulatory) Effects, 2015 Cardozo L. Rev. de novo 105 (2015). Available on SSRN.
  • Reasonable Expectations of Privacy Settings: Social Media and the Stored Communications Act, 13 Duke L. & Tech. Rev. 36 (2015). Available on SSRN
  • Surveillance at the Source, 103 Ky. L. J. 405 (2015). Available on SSRN.
  • Enlightened Regulatory Capture, 89 Wash. L. Rev. 329 (2014). Available on SSRN.
  • Invited Blogging: Enlightened Regulatory Capture, REGBLOG (Nov. 12, 2013).
  • The Efficacy of Cybersecurity Regulation, 30 Ga. St. U. L. Rev. 287 (2014). Available on SSRN
  • Invited Congressional Testimony: Reporting Data Breaches: Is Federal Legislation Needed to Protect Consumers?, Hearing Before the House Energy & Commerce Comm., Subcomm. on Commerce, Mfg., & Trade, 113th Cong. (July 18, 2013) (Testimony of David Thaw, Visiting Assistant Professor of Law, University of Connecticut).
  • Invited Blogging: A Flexible Approach to Cybersecurity Regulation, REGBLOG (July 9, 2013).
  • Criminalizing Hacking, Not Dating: Reconstructing the CFAA Intent Requirement, 103 J. Crim. L. & Criminology 907 (2013). Available on SSRN.
  • When Machines Are Watching: How Warrantless Use of GPS Surveillance Technology Terminates The Fourth Amendment Right Against Unreasonable Search, 121 Yale L. J. Online 177 (2011) (with Priscilla Smith, Nabiha Syed & Albert Wong). Available on SSRN.
  • User Choices and Regret: Understanding Users' Decision Process about Consensually Acquired Spyware, 2 I/S: J. L. & Pol. Info. Soc'y 283 (2006) (with Nathaniel Good, Jens Grossklags, Aaron Perzanowski, Deirdre Mulligan, & Joseph Konstan). Available on SSRN.

Scientific, Policy, and Other Academic Publications (Selected):